Trusted List of supervised/accredited Certification Service Providers
General information
The present list is the TSL implementation of Austria's "Trusted List of supervised/accredited Certification Service Providers" providing information about the supervision/accreditation status of certification services from Certification Service Providers (CSPs) who are supervised/accredited by Austria for compliance with the relevant provisions of Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures.
The Trusted List aims at:
- listing and providing reliable information on the supervision/accreditation status of certification services from Certification Service Providers, who are supervised/accredited by Austria for compliance with the relevant provisions laid down in Directive 1999/93/EC;
- facilitating the validation of electronic signatures supported by those listed supervised/accredited certification services from the listed CSPs.
The Trusted List of a Member State provides a minimum of information on supervised/accredited CSPs issuing Qualified Certificates in accordance with the provisions laid down in Directive 1999/93/EC (Art. 3.3, 3.2 and Art. 7.1(a)), including information on the QC supporting the electronic signature and whether the signature is or not created by a Secure Signature Creation Device.
The CSPs issuing Qualified Certificates (QCs) listed here are supervised by Austria and may also be accredited for compliance with the provisions laid down in Directive 1999/93/EC, including with the requirements of Annex I (requirements for QCs), and those of Annex II (requirements for CSPs issuing QCs). The applicable "supervision" system (respectively "voluntary accreditation" system) is defined and must meet the relevant requirements of Directive 1999/93/EC, in particular those laid down in Art. 3.3, Art. 8.1, Art. 11 (respectively, Art. 2.13, Art. 3.2, Art. 7.1(a), Art. 8.1, Art. 11).
Additional information on other supervised/accredited CSPs not issuing QCs but providing services related to electronic signatures (e.g. CSP providing Time Stamping Services and issuing Time Stamp Tokens, CSP issuing non-Qualified certificates etc.) are included in the Trusted List and the present TSL implementation at a national level on a voluntary basis.
Specific information
The legal basis for electronic signatures in Austria are the Signature Act (Signaturgesetz - SigG, BGBl I 1999/190 in its current version) and the ordinances issued on the basis thereof, in particular the Signature Ordinance 2008 (Signaturverordnung 2008 - SigV 2008, BGBl II 2008/3 in its current version).
As supervisory authority under § 13 SigG, the Telekom-Control Commission (statutory name: Telekom-Control-Kommission; abbreviated TKK) supervises all CSPs to which the SigG applies. This includes CSPs which are established in Austria and issue qualified certificates or provide qualified timestamping services to the public. Other CSPs are not supervised under the SigG.
CSPs must comply with the requirements of the SigG and the ordinances issued on the basis thereof (in particular §§ 6 to 12, 18, 20, 22, and 23 SigG as well as relevant provisions of the SigV 2008). On the basis of §§ 13 to 16 SigG and § 14 SigV 2008, compliance with the requirements is determined by the TKK which is supported by the Austrian Regulatory Authority for Broadcasting and Telecommunications (statutory name: Rundfunk und Telekom Regulierungs-GmbH; abbreviated RTR).
Under § 17 SigG, CSPs which prove to the supervisory authority that they comply with the requirements of the SigG and the ordinances issued on the basis thereof (in particular §§ 6 to 12, 18, 20, 22, and 23 SigG as well as relevant provisions of the SigV 2008) before establishing their activities as accredited CSPs are accredited by the TKK upon request. Other CSPs are not accredited under the SigG.
In the course of both supervision and accreditation, compliance with the requirements of the SigG and the ordinances issued on the basis thereof is determined. This also includes determination whether a CSP complies with the information presented in its security and certification policy (e.g., compliance with certain technical standards).
Austria's Trusted List is established, maintained and published by RTR on the basis of § 15 para. 2 no. 3 SigG.